Every Wi-Fi Device is Vulnerable
Wi-Fi Protected Access II (WPA2) is a security protocol developed by the Wi-Fi Alliance to secure wireless computer networks. It’s an upgrade from WPA technology and is a replacement for older WEP standards.
Mathy Vanhoef, security researcher from Katholieke Universiteit Leuven in Belgium, recently discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks.
A new exploit called KRACK (Key Reinstallation Attacks) makes it possible for attackers within range of vulnerable devices to eavesdrop on all Wi-Fi traffic passing between clients and access points.
The exploit code has been released. Here’s the proof-of-concept video bypassing WPA2 against Android and Linux, showing the attacker decrypting all data from a phone to the access point:
All devices that support Wi-Fi and any cipher suites (WPA-TKIP, AES-CCMP, and GCMP) are affected.
There’s a real-time list of affected devices from CERT.
So how to mitigate?
- Avoid connecting to Wi-Fi networks in public places
- Only access websites that uses HTTPS or use a VPN
- Use ethernet cable, if possible
- Check to see if an update patch is available for your phone, PC, router access points, etc
References:
